Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e2d6a5a by security tracker role at 2025-02-18T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2025-27016 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-27013 (Missing Authorization vulnerability in EPC MediCenter - Health 
Medical ...)
+       TODO: check
+CVE-2025-26623 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
+       TODO: check
+CVE-2025-26620 (Duende.AccessTokenManagement is a set of .NET libraries that 
manage OA ...)
+       TODO: check
+CVE-2025-26604 (Discord-Bot-Framework-Kernel is a Discord bot framework built 
with int ...)
+       TODO: check
+CVE-2025-26603 (Vim is a greatly improved version of the good old UNIX editor 
Vi. Vim  ...)
+       TODO: check
+CVE-2025-26058 (Webkul QloApps v1.6.1 exposes authentication tokens in URLs 
during red ...)
+       TODO: check
+CVE-2025-25305 (Home Assistant Core is an open source home automation that 
puts local  ...)
+       TODO: check
+CVE-2025-25300 (smartbanner.js is a customizable smart app banner for iOS and 
Android. ...)
+       TODO: check
+CVE-2025-25284 (The ZOO-Project is an open source processing platform, 
released under  ...)
+       TODO: check
+CVE-2025-24895 (CIE.AspNetCore.Authentication is an AspNetCore Remote 
Authenticator fo ...)
+       TODO: check
+CVE-2025-24894 (SPID.AspNetCore.Authentication is an AspNetCore Remote 
Authenticator f ...)
+       TODO: check
+CVE-2025-22663 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-22657 (Missing Authorization vulnerability in Vito Peleg Atarim 
allows Exploi ...)
+       TODO: check
+CVE-2025-22656 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-22654 (Unrestricted Upload of File with Dangerous Type vulnerability 
in kodes ...)
+       TODO: check
+CVE-2025-22650 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22645 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-22639 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22207 (Improperly built order clauses lead to a SQL injection 
vulnerability i ...)
+       TODO: check
+CVE-2025-21608 (Meshtastic is an open source mesh networking solution. In 
affected fir ...)
+       TODO: check
+CVE-2025-1414 (Memory safety bugs present in Firefox 135. Some of these bugs 
showed e ...)
+       TODO: check
+CVE-2025-1269 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
+       TODO: check
+CVE-2025-1035 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-1023 (A vulnerability exists in ChurchCRM5.13.0 and priorthat allows 
an atta ...)
+       TODO: check
+CVE-2025-0981 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows 
an att ...)
+       TODO: check
+CVE-2025-0817 (The FormCraft plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-0521 (The Post SMTP plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-57056 (Incorrect cookie session handling in WombatDialer before 25.02 
results ...)
+       TODO: check
+CVE-2024-57055 (Server-Side Access Control Bypass vulnerability in 
WombatDialer before ...)
+       TODO: check
+CVE-2024-57050 (A vulnerability in the TP-Link WR840N v6 router with firmware 
version  ...)
+       TODO: check
+CVE-2024-57049 (A vulnerability in the TP-Link Archer c20 router with firmware 
version ...)
+       TODO: check
+CVE-2024-57046 (A vulnerability in the Netgear DGN2200 router with firmware 
version v1 ...)
+       TODO: check
+CVE-2024-57045 (A vulnerability in the D-Link DIR-859 router with firmware 
version A3  ...)
+       TODO: check
+CVE-2024-56883 (Sage DPW before 2024_12_001 is vulnerable to Incorrect Access 
Control. ...)
+       TODO: check
+CVE-2024-56882 (Sage DPW before 2024_12_000 is vulnerable to Cross Site 
Scripting (XSS ...)
+       TODO: check
+CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in NotFound K 
Elements al ...)
+       TODO: check
+CVE-2024-55460 (A time-based SQL injection vulnerability in the login page of 
BoardRoo ...)
+       TODO: check
+CVE-2024-51505 (An issue was discovered in Atos Eviden IDRA before 2.7.1. A 
highly tru ...)
+       TODO: check
+CVE-2024-50609 (An issue was discovered in Fluent Bit 3.1.9. When the 
OpenTelemetry in ...)
+       TODO: check
+CVE-2024-50608 (An issue was discovered in Fluent Bit 3.1.9. When the 
Prometheus Remot ...)
+       TODO: check
+CVE-2024-4028 (A vulnerability was found in Keycloak. This issue may allow a 
privileg ...)
+       TODO: check
+CVE-2024-49589 (Foundry Artifacts was found to be vulnerable to a Denial Of 
Service at ...)
+       TODO: check
+CVE-2024-39328 (Insecure Permissions in Atos Eviden IDRA and IDCA before 
2.7.0. A high ...)
+       TODO: check
+CVE-2024-39327 (Incorrect Access Control vulnerability in Atos Eviden IDRA 
before 2.6. ...)
+       TODO: check
+CVE-2024-13797 (The PressMart - Modern Elementor WooCommerce WordPress Theme 
theme for ...)
+       TODO: check
+CVE-2024-13783 (The FormCraft plugin for WordPress is vulnerable to 
unauthorized acces ...)
+       TODO: check
+CVE-2024-13718 (The Flexible Wishlist for WooCommerce \u2013 Ecommerce 
Wishlist & Save ...)
+       TODO: check
+CVE-2024-13691 (The Uncode theme for WordPress is vulnerable to arbitrary file 
read du ...)
+       TODO: check
+CVE-2024-13689 (The Uncode Core plugin for WordPress is vulnerable to 
arbitrary shortc ...)
+       TODO: check
+CVE-2024-13681 (The Uncode theme for WordPress is vulnerable to arbitrary file 
read du ...)
+       TODO: check
+CVE-2024-13667 (The Uncode theme for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+       TODO: check
+CVE-2024-13636 (The Brooklyn theme for WordPress is vulnerable to PHP Object 
Injection ...)
+       TODO: check
+CVE-2024-13395 (The Threepress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-13369 (The Tour Master - Tour Booking, Travel, Hotel plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-13316 (The Scratch & Win \u2013 Giveaways and Contests. Boost 
subscribers, tr ...)
+       TODO: check
+CVE-2024-12860 (The CarSpot \u2013 Dealership Wordpress Classified Theme theme 
for Wor ...)
+       TODO: check
 CVE-2025-1125 [fs/hfs: Interger overflow may lead to heap based out-of-bounds 
write]
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
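Review bot: all 57 newly imported entries carry a bare `TODO: check`, but several name software that is packaged in Debian and should be triaged ahead of the import order: CVE-2025-26603 (vim), CVE-2025-26623 (exiv2) and CVE-2025-1414 (Firefox 135 memory safety bugs) each need a `- <srcpkg> <unfixed>` or `<not-affected>` line with a fixed-version check, while the long run of WordPress plugin/theme entries (CVE-2024-13316 through CVE-2024-13797, CVE-2025-0521, CVE-2025-0817) and the consumer router firmware entries (CVE-2024-57045 through CVE-2024-57050) are likely NOT-FOR-US candidates. The `...` in each description is the importer's truncation, so the full CVE record has to be read before any of these is resolved.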
@@ -38,11 +152,11 @@ CVE-2025-0624 [net: Out-of-bounds write in 
grub_net_search_config_file()]
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-0622 [command/gpg: Use-after-free due to hooks not being removed on 
module unload]
+CVE-2025-0622 (A flaw was found in command/gpg. In some scenarios, hooks 
created by l ...)
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45783 [fs/hfs+: refcount can be decremented twice]
+CVE-2024-45783 (A flaw was found in grub2. When failing to mount an HFS+ grub, 
the hfs ...)
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
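Review bot: the two grub2 entries here swap the hand-written bracketed summaries (`[command/gpg: Use-after-free due to hooks not being removed on module unload]`, `[fs/hfs+: refcount can be decremented twice]`) for the published descriptions, which is the expected convention once a CVE record goes public, but the truncated parenthesised text drops the bug class that the bracketed form stated. No change to the data file is needed, since the full text lives in the CVE record and the two NOTE URLs keep the technical detail; the same replacement happens in the following grub2 and linux hunks.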
@@ -50,7 +164,7 @@ CVE-2024-45782 [fs/hfs: strcpy() using the volume name 
(fs/hfs.c:382)]
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45781 [fs/ufs: OOB write in the heap]
+CVE-2024-45781 (A flaw was found in grub2. When reading a symbolic link's name 
from a  ...)
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -70,15 +184,15 @@ CVE-2024-45777 [grub-core/gettext: Integer overflow leads 
to Heap OOB Write]
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45776 [grub-core/gettext: Integer overflow leads to Heap OOB Write 
and Read]
+CVE-2024-45776 (When reading the language .mo file in grub_mofile_open(), 
grub2 fails  ...)
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45775 [commands/extcmd: Missing check for failed allocation]
+CVE-2024-45775 (A flaw was found in grub2 where the grub_extcmd_dispatcher() 
function  ...)
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45774 [reader/jpeg: Heap OOB Write during JPEG parsing]
+CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can 
cause the ...)
        - grub2 <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -94,10 +208,10 @@ CVE-2024-56171 [Use-after-free in 
xmlSchemaIDCFillNodeTables]
        - libxml2 <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
-CVE-2025-21703 [netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()]
+CVE-2025-21703 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.15-1
        NOTE: 
https://git.kernel.org/linus/638ba5089324796c2ee49af10427459c2de35f71 (6.14-rc2)
-CVE-2025-21702 [pfifo_tail_enqueue: Drop new packet when sch->limit == 0]
+CVE-2025-21702 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.15-1
        NOTE: 
https://git.kernel.org/linus/647cef20e649c576dff271e018d5d15d998b629d (6.14-rc2)
 CVE-2025-26842 [znuny: Information disclosure of S/MIME encrypted emails]
@@ -128,7 +242,8 @@ CVE-2025-26466 [Denial of Service: asymmetric resource 
consumption of memory and
        NOTE: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
        NOTE: Introduced with: 
https://github.com/openssh/openssh-portable/commit/dce6d80d2ed3cad2c516082682d5f6ca877ef714
 (V_9_5_P1)
        NOTE: Fixed by: 
https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2
 (V_9_9_P1)
-CVE-2025-26465 [MitM]
+CVE-2025-26465 (A vulnerability was found in OpenSSH when the VerifyHostKeyDNS 
option  ...)
+       {DSA-5868-1 DLA-4057-1}
        - openssh 1:9.9p2-1
        NOTE: https://www.openssh.com/releasenotes.html#9.9p2
        NOTE: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
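Review bot: the openssh entry gains `{DSA-5868-1 DLA-4057-1}` and the fixed sid version `1:9.9p2-1` in one update; it is worth confirming that the companion CVE-2025-26466, which cites the same Qualys advisory in the context lines above, carries the same DSA/DLA references, since only its NOTE lines are visible in this hunk.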
@@ -2927,7 +3042,7 @@ CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was 
discovered to contain a buff
 CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork 
compone ...)
        NOT-FOR-US: gitlab-web-ide-vscode-fork
 CVE-2025-24032 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 
certificat ...)
-       {DSA-5864-1}
+       {DSA-5864-1 DLA-4058-1}
        - pam-pkcs11 0.6.13-1
        NOTE: 
https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48
 (pam_pkcs11-0.6.13)
        NOTE: 
https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e
 (pam_pkcs11-0.6.13)
@@ -202374,8 +202489,8 @@ CVE-2022-41547 (Mobile Security Framework (MobSF) 
v0.9.2 and below was discovere
        NOT-FOR-US: Mobile Security Framework
 CVE-2022-41546
        RESERVED
-CVE-2022-41545
-       RESERVED
+CVE-2022-41545 (The administrative web interface of a Netgear C7800 Router 
running fir ...)
+       TODO: check
 CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code 
executio ...)
        NOT-FOR-US: GetSimple CMS
 CVE-2022-41543
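Review bot: CVE-2022-41545 moves from `RESERVED` to a published entry about the administrative web interface of a Netgear C7800 router, which is vendor firmware with no corresponding Debian source package; on the next manual pass it should resolve to `NOT-FOR-US: Netgear`, as the neighbouring CVE-2022-41544 does with `NOT-FOR-US: GetSimple CMS`, rather than staying on `TODO: check`.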



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2d6a5ae0093ca13257591664d30e0740179eb1



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
